System and method for providing a secure network on another secure network

ABSTRACT

The present invention provides a system and method for providing a closed or secure network” on another closed or secure network. The system enables linking at least one acquirer network operating a closed network to at least one operator by a central server. The acquirer network includes one or more terminals and optionally an acquirer server. The central server is linked to the acquirer network and to the operator. The central server is configurable to communicate with at least a subset of the one or more terminals, and also with the operator, and to establish one or more serve; communication links between the operator and the one or more terminals. The central server acts as a trusted intermediary between the acquirer network and the operator for enabling the operator to communicate with the one or more terminals via the closed acquirer network.

PRIORITY

This application claims the benefit of Canadian Patent Application No.2,637,179, filed on Jul. 30, 2008.

FIELD OF THE INVENTION

The present invention provides a system and method for providing aclosed or secure network on another closed or secure network. Morespecifically, the present invention provides a system and method forenabling an operator of a closed or secure network to operate over aterminal network without compromising the closed nature of eithernetwork.

BACKGROUND OF THE INVENTION

Electronic Fund Transfer (EFT) devices at the point of sale, referred toas any of, EFT-POS devices, PIN Pads, chip and PIN card readers,signature terminals, payment devices, or authorization terminals(collectively referred to herein as “terminals”), are widely deployed toend user locations with merchants and retail outlets. These terminals atthe point of sale enable customers to transact with merchants using asecure payment means, such as a credit card or bank debit card. Typicalterminals include various card readers for example magnetic stripereaders, smart card readers and/or contactless device interface readers,for example RFID readers. Some terminals have in-built printers. Someterminals interface and have connectivity with the point of saleelectronic cash registers.

The terminals have user interfaces which include various screens,touch-screens, keypads and/or stylus pens for touch screen signaturecapture. The terminals are tamper proof and support several securityservices and are typically capable of authenticating a secure personalidentification number using cryptographic techniques including anencrypted keypad and encrypted messaging. The terminals typicallysupport peripherals and related messaging with controllers, electroniccash registers, bar code readers, optical mark sense readers andprinters.

The terminals are primarily used for initiating electronic fundstransfer. Within the financial services payments industry is a sectorknown as the Retail Electronic Payment Systems (REPS). The REPS executepoint of sale payments that are completed spontaneously at a locationother than the acquirer. The REPS is comprised of: credit card systems,Electronic Funds Transfer (EFT) systems primarily deployed for debitcard processing, and cash acceptance and bill payments systems. Majorpayment functions include: authorization and customer credit and debitcard transactions, capture of sales draft information over a securednetwork.

These terminals and REPS provide a far reaching established network,however the network is operated by an acquirer, which could for examplebe a bank or other financial institution. Therefore, the acquirer hascontrol and access to all devices and data communicated over itsnetwork.

Many entities have a need of distributing their products or services atmultiple locations, leveraging for example retailer locations. Theseentities (referred to as an “operator”) often use their own networks(with their hardware, software and network components) to distributetheir products or services. An example is a lottery corporation, whichoften uses proprietary lottery stations and has a need for broadlydistributed proprietary network. The distribution and maintenance of thehardware, software and network components to provide this proprietarynetwork requires initial and ongoing costs, including potentially apurchase cost to the merchant or operator and a maintenance cost for theoperator.

Lotteries have a pressing need to increase the quantity of points ofsales and expand into new sales channels to follow consumer spendinglocations and demographic segments. A primary driver of lottery sales isthe density and consumer convenience of the lottery sales terminal.Expanding access points is limited by the cost of the dedicated fullservice terminals requiring retailer high minimum weekly sales and/orthe availability the full service terminals. However, lottery operatorsare constrained in their ability to leverage existing networks owned byothers, as there is a high sensitivity of data communicated duringlottery transactions, coupled with the reluctance of the REPS to permitaccess by others which may compromise REPS security.

US patent publication 20030228910 discloses a lottery management system.A means is provided for connecting a third party device with a lotterynetwork. However, this invention merely connects a foreign device to alottery network through a connectivity network. The third party deviceand its connectivity network may be either open for installingapplications/connectivity or under the control of the lottery operatoror its player-customer. It does not overcome the limitation that thedata is available to the foreign network operator or attackers.

It would be beneficial to enable operators, such as lotteries, toleverage the REPS network and their terminals. However, it is notrealistic to expect operators to expose their communicated data toanother party, such as the acquirer, potential attackers or even otheroperators. Nor do acquirers want to expose their merchant information tooperators or other acquirers.

What is required is a system and method for enabling one or moreoperators to leverage one or more networks of terminals operated by oneor more acquirers without compromising the performance or security ofthe closed nature of either network. Multiple operators need tocommunicate with multiple acquirers. Sometimes an operator may legallyonly communicate to a subset of the acquirer's terminals.

SUMMARY

The present invention provides a system for linking at least oneacquirer network operating a closed network to at least one operator,the acquirer network including one or more terminals and optionally anacquirer server, the system characterized by a central server linked tothe acquirer network and to the operator, the central serverconfigurable to communicate with at least a subset of the one or moreterminals, and also with the operator, and to establish one or morecommunication links between the operator and the one or more terminals,wherein the central server acts as a trusted intermediary between theacquirer network and the operator for enabling the operator tocommunicate with the one or more terminals via the closed acquirernetwork.

The present invention also provides a computer-network-implementablemethod for linking at least one acquirer network operating a closednetwork to at least one operator, the acquirer network including one ormore terminals and optionally an acquirer server, the methodcharacterized by: (a) linking a central server to the acquirer networkand to the operator; and (b) configuring, or facilitating theconfiguring, by one or more computer processors, the central server tocommunicate with at least a subset of the one or more terminals, andalso with the operator, and to establish one or more communication linksbetween the operator and the one or more terminals, so as to enable thecentral server to act as a trusted intermediary between the acquirernetwork and the operator for enabling the operator to communicate withthe one or more terminals via the closed acquirer network.

In this respect, before explaining at least one embodiment of theinvention in detail, it is to be understood that the invention is notlimited in its application to the details of construction and to thearrangements of the components set forth in the following description orillustrated in the drawings. The invention is capable of otherembodiments and of being practiced and carried out in various ways.Also, it is to be understood that the phraseology and terminologyemployed herein are for the purpose of description and should not beregarded as limiting.

DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example system in accordance with the presentinvention.

FIG. 2 illustrates the central server linked to a plurality ofclient/server architectures providing a plurality of sub-networks withinthe linked network.

FIG. 3 illustrates a plurality of business use cases for oneimplementation of the invention wherein the operator is a lotterycommission.

FIG. 4 further illustrates particular business use cases for oneimplementation of the invention wherein the operator is a lotterycommission.

FIG. 5 illustrates the context of four subsystems of the inventionwherein it is implemented as a lottery sales system.

FIG. 6 illustrates an example of a print-out of a lottery entry ticketof the terminal resulting from an example usage of the lotteryapplication.

DETAILED DESCRIPTION Overview

The present invention enables a closed network (as defined below) tooperate on the network infrastructure of another closed network. Morespecifically, the present invention enables an operator (e.g. a lotterycorporation—see below) to exchange communications with one or morenetwork devices (e.g. terminals as described below) associated with anacquirer's network (e.g. a financial institution's electronic paymentnetwork) despite the closed aspect of the acquirer network, for examplebecause of security requirements associated with the acquirer network.The present invention enables the linking of the operator network andthe acquirer network for communication between them, and specificallybetween acquirer's network devices and one or more servers associatedwith the operator, without compromising the closed nature, security andperformance of either network. A range of security services provided inaccordance with the present invention enable device authentication, dataorigination authentication, and entity authentication, therebymaintaining data privacy and integrity as particularized below.

The acquirer generally require device and data originationauthentication while the operator require entity authentication (e.g. ofa user of an acquirer terminal), which provides non-repudiation fortransactions with the operator, and involving one or more of theacquirer's terminals by operation of the linking of the acquirer networkand operator network (or network components of such networks), asdescribed herein.

In accordance with the present invention, said linking of the operatornetwork and acquirer network is achieved by the central server describedbelow, which acts as a trusted intermediary to enable the communicationsreferred to above between the operator and one or more terminals, acrossthe acquirer network.

With reference to FIG. 1, the system of the present invention comprises:(a) an acquirer network 4; (b) an operator network 24; (c) a centralserver 5 operated by a trusted third party; and (d) a plurality ofterminals 1. Security services 7 may be provided by the central server 5or by a security server linked to the central server 5. The acquirernetwork 4 and operator network 24 may be closed networks and need notshare any data between themselves.

“Closed” network in this disclosure means that third parties may notaccess, load applications or communicate with the network's devicesexcept with the network owner's participation, approvals and/orcertifications.

It should be understood that an “acquirer” means a network owner oradministrator, for example a bank or other financial institution, thatprovides merchants with transaction processing means includingterminals. It is contemplated that an acquirer may subcontract certainaspects of its role as acquirer to one or more processors.

In one particular implementation, (a) the acquirer network 4 is operatedby an acquirer; (b) the operator network 24 is operated by an operator;and (c) the central server 5 is operated by a trusted third party.However, it should be understood that any other operation model could beprovided for these components.

The central server 5 provides a mechanism for linking the operatornetwork 24 with the acquirer network 4, enabling the two closed networksto be linked such that the operator network 24 and related operationsare extended to the acquirer network 4, or part thereof permitted by theacquirer and the operator. The linked or combined network, provided inaccordance with the invention, and providing the access thereto to theoperator as described herein may be referred to as a “linked network” inthis disclosure, part of which is actually the acquirer network 4, butin relation to which the present invention enables the operator or itsdesignates to “piggyback”. In other words, the operator network 24communications, by operation of the present invention, can ride over theacquirer network 4, or selected portions thereof

This linking of the closed networks is enabled while maintainingacquirer's security services including data origination authentication,and maintaining the operator's security services including the abilityto authenticate terminals for the purposes of merchant transactionsbased on its own authentication procedures. In one aspect, the presentinvention enables the operator to apply its security services and itsuser authentication procedures, including on the acquirer network 4, asfurther particularized below.

In one implementation of the invention, merchants may also operate theirown networks of terminals, for the purposes for example of costreduction (transactional costs) and to facilitate functionality thatterminals provided by the financial institution may not permit, in whichcase for the purposes of the invention the merchant networks are part ofthe acquirer network with respect to enabling communications with theoperator. The merchant's network may also be a closed network in whichcase the acquirer network comprises both the financial institution'sclosed network and the merchant's closed network. The merchant networks,including the terminals, may have their own authentication requirements.The security services described below may include enabling themerchant's authentication requirements to be addressed for enablingcommunications between the merchant terminals and the operator via themerchant network and the financial institution's network.

The central server 5 is operated by a trusted third party to facilitatesecurity and privacy services so that acquirers and operators cannotaccess other parties' data. The operator does not have access to modifythe central server 5, although there may be a mechanism for enabling theoperator to provide business data updates and other content to thecentral server 5. The central server 5 enables certain security services7 in relation to the communications being routed through the centralserver 5.

The operator network 24 may be linked to the acquirer network 4 by thecentral server 5 and could be further linked by The acquirer server 3 oranother device, for example a switch 25, approved by the acquirer forrouting, and may bypass the acquirer server 3 for certain transactionmessages. For example, if the operator has provided its applicationswith signed code for use on the acquirer network 4, the acquirer may notrequire that the operator network 24 be linked to the acquirer network 4by the acquirer server 3.

A plurality of terminals 1 are deployed to one or more retailers orother end user locations 2. The terminals 1 define nodes on both closednetworks and are typically deployed by the acquirer. The central server5 controls access to the operator network 24 by the terminals 1. Thecentral server 5 can be configured to enable the operator to access allor a subset of the terminals 1, enabling the operator to select whichterminals 1 it wishes to provide connectivity.

A terminal application 17 is delivered to the terminals 1, for exampleby operation of a network management system operated by or for theacquirer, which is operable to deliver application code to the terminals1. Usually, any application code must be accepted by the acquirer priorto distribution to the terminals 1, which acceptance may include acertification process with application code signing in order to enableloading and installing the terminal application 17, and interoperationof the terminals 1 with the acquirer network 4, using the terminalapplication 17 and data origination authentication provided by theacquirer network 4.

The terminal application 17 provides user authentication whereby a userof the terminal 1 enables the operator to operate its network on theacquirer network 4. In other words, the terminal application 17 enablesthe terminal 1 to be used on the operator network 24 by authenticatingthe user of the terminal 1 by way of services of the central server 5.The terminal applications 17 configure the terminals 1 to provide thecommunication methods of the present invention. The terminal application17 leverages the resources of the terminal 1 on which it resides andcommunicates with the acquirer network 4 and the central server 5.

The terminal applications 17 also receive from the central server 5business documents 10, transaction sets 11, dynamic data 12, updates 13to programming, and additional programming code to enable thecommunications described for the operator network 24 over the acquirernetwork 4. The acquirer servers 3 do not perform any the operator'sbusiness processes.

Each terminal application 17 comprises: (a) a messaging utility 18 forenabling the exchange of communications with the central server 5; (b)security layers 19 with optionally a data origination authenticationutility and device authentication for authenticating the terminal to theacquirer server 3, particularly in a client/server implementation of theterminals where the terminal 1 is the client to the acquirer server 3;(c) a controller/handling and processing layer 20 for processing thetransactions whether based on instructions that are part of the terminalapplication 17, or instructions provided dynamically by the acquirerserver 3; (d) a user authentication layer 21 directed to the operator,and operable to authenticate an authorized user of the terminal 1 to theoperator server 6, whether directly or indirectly by operation of thecentral server 5 as an authentication intermediary; and (e) apresentation layer 23 and user interface linked to thehandling/processing layer for interacting with the user interfacesincluding keypad, displays, touch screens and printing etc.

It should be noted that the terminal application 17 may supplement theexisting or proprietary application provided on the terminal 1 by theterminal manufacturer or the acquirer, in which case it could beexecuted along side or over top of the existing or proprietaryapplication, or is executed by the existing or proprietary application.Alternatively, the terminal application 17 can replace the existing orproprietary application, by including in terminal application 17 thefunctionality of the proprietary application.

The role of these components of the terminal application 17 in enablingthe method of the present invention is discussed in greater detailbelow.

The following describe example implementations of the componentsreferred to above, and their functions. However, it should be understoodthat the components and functions of the invention may be provided inmany other implementations, including for example on a distributed orintegrated basis, whereby a smaller or larger number of componentsperform these functions. Furthermore the particular software structuresdescribed may be provided by other structures enabling the methods ofthe invention. Furthermore, control of the various components could beby other parties including on a committee basis or delegated basis.

Note that the terminal application 17 may include additionalfunctionality or features. For example it may be desirable to include inthe terminals 1 used in connection with the present invention (whetherby operation of the terminals or the terminal application) functionalitythat prevents unauthorized third parties from accessing the terminals 1or the terminal application 17 for the purpose of “listening” by using aknown security technique for this purpose and thereby capturingtransaction data processed by operation of the terminals.

The central server 5 manages and provides a number of services includingsecurity 7 and procurement services 6 and the communications between theterminals 1 and the operator server 6. The functions of the centralserver 5 are further described below.

Optionally, the central server 5 is linked to a plurality of suchclient/server architectures providing a plurality of sub-networks withinthe linked network, as best illustrated in FIG. 2. Each client/serverarchitectures includes a plurality of terminals 1, usually associatedwith a single acquirer, and at least one acquirer server 3 to facilitateoperation of the operator network using the acquirer network 4. Theterminals 1 are linked to the acquirer server 3 for the purpose ofmanaging communications associated with the operator server 6, but viathe acquirer network 4, with the central server 5 acting as the trustedintermediary between the acquirer network 4, or network portion that ispart of the linked network, and from an operator's perspective, theoperator's closed network. While under certain implementations,operators/acquirers will require that each terminal 1 is associated witha single acquirer and a single operator, collaboration between theparticipating acquirers and operators is possible in accordance with theinvention, which can enable many to many relationships implemented tothe linked networks described.

Security services 7, for the benefit of the operator, are provided bythe central server 5 or a central security server linked to the centralserver 5, or made part of the central server 5 by including securityfunctions therein. Another operator security server may be associatedwith the operator server 6. Security services for the operator describedherein could alternatively be provided by an operator security server,with the central server acting as an intermediary, or may be distributedbetween the central server's central security server and the operatorsecurity server. Details regarding the security services are providedbelow.

The central server 5 is linked to one or more databases 9. The databases9 include at least one catalogue associated with each operator. Thecatalogue is best understood as a compilation of computer filesassociated with specific offerings of a particular operator. In aparticular implementation of the invention the catalogues 9 includes alist of such specific offerings, captured as “business documents” 10.The business documents 10 are generated, for example by operation of thecentral server 5, based on the operator's specific business dataprovided, embodying data and processes associated with a specificoffering and any related transactions. The operator's business data mayinclude dynamic data, application code, configuration data and otherobjects required to process transactions by the operator, associatedwith the communications directed over the linked network. An example ofbusiness data and generation of business documents 10 is provided below.

It is also contemplated that the business documents 10 may include theparameters for the communications between the terminals 1 and theoperator network 24 over the acquirer network 4 that is associated witha particular operator, for example content, processing or securityaspects for enabling the operation of the operator network 24.

As stated earlier, the particular authentication parameters foraccessing the operator network 24 and communicating messages on theoperator network 24 are established by the operator. Thus the acquirerprovides device and data origination authentication while the operatorprovides entity (or user) authentication. These authentication measuresprovide data privacy and integrity.

It should be understood that the generation of the business documents 10from business data, made centrally available via the central server 5,aids in the implementation of the invention, particularly where thereare multiple operator offerings; multiple operators; each operatorhaving specific data and rules governing their transactions, forexample, based on geographic considerations, transaction rules,regulatory rules, regulations and so on. In a particular implementationof the present invention, the business documents 10 form the basis fordeveloping transaction sets 11 for the terminal application 17, orparticular iterations or configurations thereof for particularsub-networks associated with specific operators, as described above. Forexample, the business documents 10 may be used to assist in thedevelopment of terminal applications 17 acceptable to particularacquirers, thus for example reducing the cost of achieving codeacceptance of the terminal application 17, which is often a prerequisitefor distribution of the terminal application 17 to terminals 1controlled by a particular acquirer. The business documents 10 may beembodied in transaction sets 11 implemented to the terminals 1 byinclusion in terminal application 17 iterations or configurationsdistributed by or for the associated acquirer. The transaction sets 11in effect, by this process, embody the business data, thereby enablingthe terminal to be integrated with the terminal-to-operator transactionprocess. Again, this aids in implementation of the invention toparticular operator requirements, and particular operator network 24 andacquirer network 4 conditions.

In operation, once a terminal 1 is provided with access to the acquirernetwork 4 by authenticating to the acquirer network 4, the terminalapplication 17 is operable to create a message whose content ispermitted by the acquirer network 17, but in effect determined byoperator as enabling a specific operator offering or relatedtransaction. The actual content of the message conforms to requirementsof the operator in accordance with its business data. These requirementsare provided by the operator as business data, which include businessrules relating to functions the operator wants to provide using theoperator network 24. In one particular implementation, the resultingmessage is communicated to the central server 5 and, if it conforms withthe catalogue, may be further routed to the operator server 6 or, if itdoes not conform with the catalogue, may be rejected. If it is routed tothe operator server 6, the message is received for processing by theoperator server 6 but may first be routed to the security services 7 forauthentication, and then opened (after application of security services7), and acted on by the operator server 6. The operator server 6 acts onthe contents of the message in accordance with its business data and maysend a message back to the terminal following the same steps in reverseorder.

The present invention, therefore, enables the operator network 24 tooperate on the acquirer network 4 while ensuring the confidentiality andintegrity of data between a point of sale user and the operator. Thepresent invention also provides end to end authentication from the userof the terminal 1 (e.g. personnel of merchant where a terminalauthorized for transactions with the operator is located) to theoperator server. End to intermediate authentication is possible as well,specifically to the central server 5.

Financial Network

The acquirer network 4 is comprised of one or more terminals 1 deployedto end user locations, for example retailers, and may include afinancial server for processing financial transactions. Many solutionsare known for configuring the acquirer network 4. An acquirer isresponsible for capturing and routing transactions via the processingnetwork switches to the appropriate service entity in accordance withits financial network implementation. Data transmitted over the acquirernetwork 4 should not be accessible by the operator.

It should be understood that substantial variation is possible at theterminal 1 and acquirer server 3 levels (herein referred to as“client/server”). The specifications from one terminal 1 to another canvary greatly, for example with respect to connected and supportedperipherals 22, sizes of key pads and screens, screen resolution, screensize, touch screen capability, security/authentication capabilities,etc. Each merchant associated with a terminal may also have its ownrequirements, for example how terminals 1 link to cash registers,whether the terminal 1 is integrated to the cash register or not,peripherals the merchant requires, for example outboard printers,whether a merchant logo appears on a print out generated by theterminal, prompts applicable to a merchant's transactions, controls atmerchant level, for example which personnel are authorized forparticular types of transactions. There may also be substantialvariation at the acquirer level, for example to support legacy networks,suppliers, etc., or to implement what the acquirer might believe is theoptimally safe or efficient implementation. All of this variation can beimplemented by operation of the present invention. The terminalapplication 17 includes programming that enables interoperation with thevarious hardware, middleware, and software enabling terminal functions;the terminal application 17 embodies the business data via the businessdocuments 10; and the terminal application 17 also embodies specificrequirements of the acquirer including for example for dataauthentication (including possibly authentication of the terminalalthough this is typically addressed by components already provided onthe terminal and with which the terminal application interoperates).

Central Server

The central server 5 provides a mechanism for linking the operatornetwork 24 and the acquirer network 4, enabling the two closed networksto be linked as describe above. The central server 5 is linked to aserver application 8, which manages communications between the terminals1 and the central server 5.

The central server 5 performs security services and businesstransactions associated with the operator. The operator providesspecific business data and the terminal and acquirer network supportspecific networking communications and application transaction sets 11.The business data is applicable to the operator network 24 and not tothe acquirer network 4, whether the terminals 1 or the acquirer servers3. And yet there is a need for transactions sets, implemented at theclient/server layers that conforms to the business data. Business datacan change over time, as explained more fully below. With thisvariation, there is a need for an efficient approach to building andmaintaining the client/server code, and processing code signing by theacquirer.

The central server 5 pulls the business data, for example from theoperator server 6, or the business data is pushed to the central server5. The central server 5 interprets the business data and transactionsets 11 by the following transformations, which could be provided by atranslation engine or data mirroring technique. The central server 5 mayprovide a first business services interface to the operator network 24,having operator business processes, and a second business serviceinterface to the acquirer network 4 which has acquirer businessprocesses, to provide the transformation and transportation of businessdocuments 10 and related business data.

The central server 5 supports transaction sets 11 between a terminal 1and the operator server 24 by enabling the transformation and transportof the transaction sets 11 and business data between the operatornetwork 24 and acquirer network 4 and terminals 1. The transaction sets11 are a business process with business data.

The central server first transforms business data to map to traditionalprinted business documents in the form of business documents 10. Thebusiness data includes information regarding the business processes andtransactions provided by the operator and more particularly informs thecentral server of the operator's possible transactions. For example, inthe context of the operator being lottery commission, the business datamay include lottery host games and draw types, draw matrices, validitytimes, valid prices, etc. and the resulting business documents mayinclude catalogue, order response, order change, order cancellation,dispatch ticket, receipt advice. The business data may be analyzed bythe central server to generate a set of business documents that provideinformation about the transactions.

The central server 5 next transforms these business documents 10 to mapto specific terminal secure procurement transaction sets 11 andprocesses. Examples of transaction sets 11 include: requesting-activitypartner/role (for example a user of a terminal), requesting-activitybusiness document (for example an order) with business data,responding-activity partner/role (for example an operator), andresponding-activity document (for example an order response) withbusiness data.

The operators may have legacy business data, which may not berecognizable to the acquirer network 4 or supported by the terminals 1.The central server 5 supports the transaction sets 11 by ensuring thebusiness documents 10 and business data is transformed and transportedappropriately to each of the request and responding parties via theirrespective business service interfaces.

The central server 5 can use a baseline standard set of businessdocuments 10 and has means for transforming an operator's business dataappropriately to and from business documents 10. The central server cantransform the business documents 10 to be appropriate for a specificacquirer network's transport protocol, format and terminal applications.

The security services 7 linked to the central server 5 may also provideadditional security for interfacing to operators and acquirers.

The functionality of the central server 5, including the businessdocuments 10, and the design of the terminal application (or itsiterations) as described above provides a platform to which developersmay build terminal application iterations or configurations that eithercan be updated readily to address operator driven changes to businessdata (for example by operation of an update utility 14) or to enableefficient deployment of the multiple terminal application instancesbased on the merchant/merchant location/acquirer/operator variationsthat can occur, as further illustrated in examples below. This can beenabled by providing operators with the tools for providing up to datebusiness data and by providing tools to developers to make it easier toroll the system out. For example, FIG. 3 illustrates a plurality ofbusiness use cases for one implementation of the invention wherein theoperator is a lottery commission. FIG. 4 further illustrates particularbusiness use cases. A plurality of business use cases may be developedbased on a developer mapping a transaction flow to a plurality of steps.The present invention provides a system for enabling the mapping tocarry out the cases based on developer notes.

In one implementation, the first step is to enable on the central server5 links to the operator server 6. These links are created for thepurpose of obtaining current business data. Push and pull architecturesmay be used, and preferably both are possible because of variation atthe operator system level as well. Business documents 10 may then becreated by the central server 5. The business documents 10 may be usedto build iterations or configurations of the terminal application and/orserver application; as a result the terminal application and/or serverapplication are operable to process a series of transaction sets 11 atthe terminal, the transaction sets 11 consistent with the business data.The application code for the terminal application 17 and serverapplication 8 may then be signed by the acquirer, enabling security fordata authentication (including the ability to activate a digitalsignature, enter a pin and other security aspects effectively used bythe operator, even though the data is invisible to the acquirer). Thecode may then be distributed by or for the acquirer to the terminals 1that the operator has signed up for. The operator then may generatecredentials for authentication of users of the terminals 1 permitted bythe merchants and/or operator.

In operation, the central server 5 receives from the operator server 6 aset of business data and is operable to create and edit businessdocuments 10 to facilitate the following set-up steps for the centralserver 5 to execute at run time.

-   -   i) The central server 5 creates, reads or updates the operator        specific business data and transforms it into business documents        10. The central server also provides transaction sets 11 for the        acquirer network 4. These transaction sets 11 will be        transferred from the central server 5 over the specific acquirer        network 4 to the terminals 1. The business documents 10 and        transaction sets 11 provide quality assurance and template        checklists for the different sets of operator specific business        data within the central server 5. Business documents 10 examples        include orders and order responses.    -   ii) At setup/design time, business services particular to each        acquirer including user credentials are provided from the        terminal to the central server over the acquirer network. These        business services enable the transformation of the business        documents 10 to transaction sets 11 using the acquirer's        specific protocol and formats. The business services to enable        this transformation are formatted into a message which is        supported for “transport” by the acquirer network 4 to enable        the terminals 1 to initiate transformation of business documents        10 to the required transaction sets 11.

-   iii) At run time the central server 5 has populated the business    documents 10 and transforms these business documents 10 to    transaction sets 11 enabling the operator network 24 to operate on    the acquirer network 4.

Each merchant's credentials are provided to only the associatedmerchant, usually by the operator providing the credentials directlyusing offline or online means, for example by an operator's sales agentdelivering a smart card to the merchant, or delivering a smart card bymail or courier, or possibly indirectly by the operator of the centralserver 5, for example by download or request for activation of securitycryptographic primitives.

Update Utility

As an additional step, using an update utility 14, the operator mayprovide to the central server 5 updated business data. The code signingusually involves the acquirer authorizing dynamic update of the terminalapplication 17 and/or server application 8. Dynamic updates may be made,or each transaction set may include a process whereby a request is madeto the central server 5 (either directly or indirectly through theserver) for the up to date business document(s) associated with thetransaction set, which the central server 5 is operable to send to theterminal 1 (again directly or indirectly) thereby providing to theterminal on a real time or near real time basis the up to date businessdata originating from the operator and required in order to process thetransaction between the user and the operator, with the terminal andoperator providing the conduit.

The central server 5 may be linked to the operator server 6, and oneaspect is that it is linked the operator server 6 to pull specificinformation and update the central server 5 to the extent that there arechanges at the operator server 6 level that constitute updates tooperator specific business data or transaction rules. The central server5 may be self-updating in order to appropriately reflect regular changesat the operator level that need to be reflected in the way thattransactions processed. Push and pull architectures are possible, toconform with the specific requirements of each operator, and in oneembodiment the central server 5 accommodates both architectures.

Security Services

As previously mentioned, it may be of importance to either or both theacquirer and the operator that its network and data on its network besecured and not accessible to the other party, third parties or tounauthenticated parties. Both the acquirer and the operator may desirefull authentication. The acquirer may require device and dataauthentication while the operator requires entity authentication, forexample authentication of a user accessing the system, to prevent theftfor example. The acquirer may also require device authentication toensure the integrity of its network. However, the acquirer may not beconcerned with the identity or invoicing of users (merchants). Rather,theft and subsequent use of a terminal by an unknown entity is a muchlarger concern for operators. Therefore operators may desire toauthenticate the user of the terminal 1 in the merchant store.

Security services 7 enable an operator to leverage the acquirer network4. The security services 7 provide authentication of users, entities orterminals to the operator network 24. The security services 7 alsoenable the acquirer to secure the acquirer network 4. Thus the presentinvention provides both data origination authentication for the acquirerand user entity authentication for the operator.

Both a customer anonymous mode and in a customer registered account modemay be provided.

At least three business processes may be provided for configuring thesystem of the invention prior to operation of a terminal in the operatornetwork: (1) set-up/certify new operator; (2) set-up/certify newacquirer; (3) set-up/QA new merchant, which has entered into a contractwith the operator, and has one or more stores and one or more terminals.

Upon operation of a terminal 1 and attempted linking to the operatornetwork 24 another authentication is performed. Optimally, theauthentication includes both authentication of the terminal 1 and of theuser at multiple levels. For example, the terminal 1 may be associatedwith a merchant ID and store ID (particularly where the merchant hasstores in various jurisdictions) and device ID, while the user isauthenticated by a user ID. The security services may be configured toassociate the user ID with a particular set or sets of merchant ID,store ID and device ID, preventing an unauthorized use of a terminal 1.

Blocking of transactions for example not authorized geographically couldbe controlled at a number of different levels. This may be performed atthe central server or the operator level, to block a transaction if itis not coming from an authorized terminal, i.e. a terminal 1 in anauthorized geographic location or from a merchant location that has beenotherwise approved by the operator.

Other aspects of security services 7 enabled by the present inventioninclude:

-   1. The central server 5 provides for multiple security services 7    across the acquirer network 4 (or portion thereof associated with    the operator) and the operator network 24 to support their    respective industry security needs. Cryptographic security    primitives may be combined to meet various security services    functions and objectives. The methods of operation will exhibit    different characteristics when the primitives are applied in a    variety of ways and inputs.-   2. The security level at the central server 5 level, or level    controlled by the operator of the central server 5, is implemented    to meet the current industry practices of the banking industry as it    relates to the industry term called “the work factor to defeat the    security objective”. For this reason the invention may be    implemented with unkeyed primitives, symmetric-key primitives and    public/asymmetric-key primitives.-   3. An example of a combination of primitives to provide the “entity    authentication” is the process whereby the acquirer terminal    receives via download or download activation or physical delivery    the USER public and private key pair, and the public key of the    central server and the public key of the operator. These keys    combined with the primitives and application techniques can provide    the security services.-   4. Because the operator has a copy of the USER public key associated    with the specific operators billing customer account, the operator    may not use a certification authority and certificate revocation    list processing.-   5. An example of the security services is the securing of the    transaction sets (enabled by the terminal application, and    optionally the terminal application in cooperation with the acquirer    server application) whereby the message data associated with the    business documents (in effect reflecting the business data) is    completed by the SSL/TLS protocol suite to provide encryption    privacy, operator and central server authentication, message    integrity, USER authentication and non-repudiation services.-   6. Examples of cryptographic functions and generic cryptographic    techniques providing Authentication services are documented in:    -   a. ISO/IEC 9798 and 14888,    -   b. ANSI X9 documents the banking security examples    -   c. US government FIPS (196) documents    -   d. Example amongst others include;        -   i. Public key encryption            -   1. RSA            -   2. El-Gamal            -   3. Elliptic Curve        -   ii. Digital signatures and Digital Envelopes            -   1. RSA            -   2. DSA            -   3. EC-DSA            -   4. Digital signature/envelopes per PKCS #7        -   iii. Digital certificates            -   1. X.509 (Public Key of ID Subject with a Digital                Signature)                -   a. ISO 9594-8 Versions and custom extensions of                    X.509-   7. Security Protocol examples which can provide authentication,    integrity, and privacy are:    -   a. SHTTP    -   b. S/MIME    -   c. Internet SSL/TSL including mutual authentication    -   d. Digital signature/envelopes CMS PKCS #7, RFC 2315    -   e. IPsec

Furthermore, as previously mentioned, in one implementation of theinvention merchants may also operate their own networks of terminals,whether to reduce costs and to facilitate functionality that is notprovided by the financial institution, in which case for the purposes ofthe invention the merchant networks are part of the acquirer networkwith respect to enabling communications with the operator. The merchantnetwork may include zones or corporate networks linked to the acquirernetwork at the direction of the merchant based on the merchant's ownauthentication requirements. It should be understood that the securityservices include enabling the merchant's authentication requirements tobe addressed for enabling communications between the merchant terminalsand the operator via the merchant network and the financialinstitution's network.

Terminals

A terminal application 17 is delivered to the terminals 1 for acceptanceby the acquirer as described above. The terminal application 17 providesauthentication whereby the operator is authorized to operate its networkon the acquirer's network. In other words, the terminal application 17enables the terminal 1 to be used on the operator network 24 byauthenticating the terminal 1 by way of the central server and securityservices. The terminal applications 17 configure the terminals 1 toprovide the communication methods of the present invention. The terminalapplication 17 leverages the resources of the terminal 1 on which itresides and communicates with the central server 5.

The terminal applications 17 also receive from the central server 5dynamic data 12, updates 13 to programming, and additional programmingcode to enable the communications described over the acquirer network 4.

Each terminal application 17 comprises: (a) a messaging utility 18 forenabling the exchange of communications with the central server 5; (b)security layers 19 with optionally a data origination authenticationutility and device authentication for authenticating the terminal to theacquirer server, particularly in a client/server implementation of theterminals 1 where the terminal 1 is the client to the acquirer server 3;(c) a controller/handling and processing layer 20 for processing thetransactions whether based on instructions that are part of the terminalapplication 17, or instructions provided dynamically by the acquirerserver 3; (d) a user authentication layer 21 directed to the operator,and operable to authenticate an authorized user of the terminal 1 to theoperator server 6, whether directly or indirectly by operation of thecentral server 5 as an authentication intermediary; and (e) apresentation layer 23 and user interface linked to thehandling/processing layer for interacting with the user interfaceskeypad, displays, touch screens and printing etc.

The messaging layer 18 may include means for communicating between theterminal 1 and the acquirer network 4 and central server 5. Thesecommunications may be based upon specific external interfacespecification of protocols, for example FTP, HTTP, HTTPS, ISO 8583, andmessage formats, for example proprietary bit maps as binary data,various encrypted formats, EDI X12, various HTML and various XMLvocabularies, etc. This layer may also include security andauthentication requirements specific to the terminal application 17 orrelated processes in relation to the acquirer server.

The controller/handling and processing layer 20 may be operable to hold,manage and apply transaction sets 11. The transaction sets 11, aspreviously mentioned, embody the operator's processes in regards to theterminal 1 and a security handler includes the operator security andauthentication means or could be a separate component.

The presentation layer 23 may include a utility for managing whatappears on the terminal display, keypad inputs, readers and printers,that is associated and approved by the acquirer or the operator (andoptionally the merchant where the operator has agreed for example todisplay or print the merchant's logo on the output of a transaction) aswell as other screen displays, prompts and menu selections. The userinterface may support the terminal's hardware drivers and readerservices, and controllers for connectivity and security, which mayrequire support for the specific protocol and message format used by theacquirer on its terminals. It may also include security/authenticationprocesses as it relates specifically to loading, configuration andinteroperation of the application and the terminal.

Payment

The invention provides to the merchant the capability to use themerchant's terminals 1 to distribute information and products andcomplete the selling and payment transaction with the operator. In somecases the operator's product is a service to place funds into thecustomers own personal account with the operator.

At the merchant's point of sale or end user location 2, the customer oralternately the merchant may use the terminal 1 to review and chooseproducts, make personal selections and then pay and optionally print anoperator ticket in real time. Thus the shared use of the terminal 1enables both payment processing and sales of operator products. Each ofthese tasks is executed within their respective network. Additionallythe invention provides the merchant with means at the terminal 1 toaccept payment for multiple transactions between a customer and theoperator. Multiple operator products may be offered and purchased. Thecustomer may choose multiple products and pay the merchant on theterminal 1, optionally resulting in printing an operator ticket on theterminal 1 or a peripheral printer.

Furthermore, if the terminal 1 is used to read a customer'sidentification document, for example a driver's license or otheridentification, the operator may enroll the customer and collectcustomer purchase information. This may be particularly advantageouswhere the operator's product requires a minimum age or residencyrequirement to be confirmed using the terminal.

A database 15 linked to the operator server 6 may also be maintained bythe operator for associating enrolled customers with profile information16, for example to predict purchasing by the customer. For example,information about the customer and their purchases may be transmittedand stored in the operator's database 15. When a customer transactsusing the terminal 1 and provides an identification document, theoperator's database 15 may provide to the terminal 1 customerinformation for direct selections and may collect further information,augmenting that information already stored. After collecting theinformation the terminals 1 may transmit the information directly to theoperator, or in the alternate to prepare and submit it indirectly viathe third party terminal or device.

EXAMPLES Lottery Retailer

In one implementation of the invention, it is a system to enable salesand distribution of lottery tickets, game tickets, and other entrytickets by utilizing the processing networks and devices of thefinancial services industry. The invention is based upon the novelapproach whereby retail customers may select, purchase, pay and printthese tickets, vouchers or coupons by sharing and utilizing theacquirer's electronic payments devices and infrastructure. A financialinstitution is the acquirer and a lottery commission is the operator.

FIG. 3 illustrates the present invention for enabling a lottery retailerto sell lottery tickets using a terminal provided by an acquirer. Aplurality of terminals are provided, which either connect directly orthrough a merchant terminal to the Internet. A central server isprovided that enables access to the operator network by the terminals.

FIG. 4 illustrates an example set of processes for enabling a merchantwith a terminal to access an operator network. A trusted individual atthe merchant is provided with an authentication. The trusted individualauthenticates to the central server using the terminal. The centralserver responds by enabling the terminal to display options to thetrusted individual, for example to manage merchant options on theterminal or to maintain the authentication of the terminal.

Another individual at the merchant may actually be responsible forprocessing transactions. For example, a customer may wish to purchase alottery ticket or attempt to have cancelled a lottery ticket. Theindividual may select a lottery ticket selling function or a lotteryticket cancellation function on the terminal. The function istransmitted through the central server to the operator's server, whereit is processed.

A number of payment transaction types may be performed by the user onthe terminal in accordance with a typical implementation: (a) credit ordebit card sale, enabling the credit cardholder to pay for goods orservices; (b) refund for an earlier payment made by a cardholder; (c)transferring funds from a cardholder's account; (d) cash back, enablinga cardholder to withdraw funds from their own account at the same timeas making a purchase; (e) enquiry, enabling a cardholder to view theirbalance; (f) an available funds enquiry, linked accounts enquiry orrequest for a statement of recent transactions on the account; (g)top-up, where a cardholder can use a terminal to add funds to a pre-paidaccount, for example a mobile phone; and (h) administrative, for any ofa variety of non-financial transactions.

The invention enables the terminal to provide additional functionswithin the operator network environment, including for example: (a) thecustomer chooses to perform a transaction with the operator, enablingthe terminal to initiate an authentication process with securityservices and linking to the operator network to activate and runoperator functions; (b) the user initiates the terminal's link to theoperator network by an event which may be for example a keypad entry onthe terminal or the terminal performing an access activation throughdifferent trigger events such as a magnetic cards read, bar code read,RFID, or near field communication; (c) the user uses the terminal as asales channel in accordance with business data from the operator and thecustomer or user selects the product for pending purchases. A pendingpurchase may need to be configured by the user who may choose a numberof ways to configure and make selections in accordance with the businessdata. The user may choose to manually enter their selection choices, orin particular implementations may accept random generated selections orrepeat prior selections. In the case of manual selections, the userinputs are made on the terminal keypad and sent to the operator's serverfor validation against the business data. In some cases customerselection slip forms are read by a device and the selections or marksare converted into the selections. The entry is accepted or rejected bythe operator's business data. If the entry is accepted a printout may begenerated. Customer and/or merchant information may also be packagedwith the printout. In some cases, subject to business data, thetransactions may be canceled by the purchaser. The terminal is capableof requesting certain management reports such as a daily sales report,weekly reconciliation invoicing, etc.

FIG. 5 illustrates the context of four subsystems of the invention 120,500, 510, 310 wherein it is implemented as a lottery sales system.Standard retail payment systems for credit and debit payments use thesystems 100, 110, 200, 300, 400, 700, 800, 900. The objective of theinvention is to enable and utilize devices and systems 100, 200, 300,400 of the payments processing networks into a multipurpose network toact as a sales and distribution channel. The invention enables lotteryand gaming content from system 600 to be sold and payment accepted at amerchant who is in possession of system 100 having invention subsystem120. Additionally for the purposes of credit and debit card payment forthe ticket purchases the invention uses the systems 300, 700, 800 and900. Payment application 110 in system 100 requires the invention manageand comply with all of the rules, constraints and interfaces for thestandard retail payment system in order to have shared processes ofticket sales with payment.

System 100, a payment terminal, receives and loads the appropriateversion of the invention's approved lottery application 120, from theinvention subsystem 500 via either the systems 400 and 200, or in somecases from the acquirer network system 300. Many different makes andmodels of payment devices, system 100, exist. The rights andcertifications requirements to install the invention softwareapplication 120 into subsystem 100 are subject to both the make andmodel technology make-up and the device estate owner and the acquirer300 requirements. In some cases the device estate owner is also 300 andin other cases it is the merchant or a third party. The datacommunications to and from 100, have network security and may be one ormore choices of various types of wired links or wireless transmissionlinks.

The lottery application 120 is a software application which has userinterfaces for the customer, merchant, admin and maintenance. FIG. 6illustrates an example of a print-out of a lottery entry ticket of theterminal 100 resulting from an example usage of the lottery application120. Application 120 supports on 100 the display presentation and userinput and may be keypad or touch-screen. Application 120 supports datacommunications for wireless, wired dial-up and LAN to broadbandconnectivity.

Application 120 supports the local connected peripherals such as barcode reading of tickets and selection slips, customer display units,retailer display units, ticket checker and ticket validation processes,and external printers.

The invention software application subsystem 500 provides services andcontent to the invention's system 110 to enable the content andtransactions which originated in system 600. Invention subsystem 500provides services in the form of a set of transactions which perform andexecute and record business processes and transactions between thelottery commission, retail merchant, and customer.

This invention application 120 providing service at 100, may sometimesbe provided transactions indirectly via 300 and invention subsystem 310,or directly through the systems and networks 200 and 400, but is basedupon transactions with subsystem 500. Subsystem 500 is the repositoryfor lists and catalogs of games and all order handling businessdocuments for the sales and distribution processes. Subsystem 500interfaces to one or many operators, 600, either directly or via 520, athird party player account system or enterprise system. When requiredthe subsystem 500 may exist in one more licensed jurisdiction as needed.Subsystem 500 may also act as an accumulator and forwarding service forcustomer data.

The subsystem 310 is an adapter within a certified secure environment ofthe acquirer 300. Subsystem 310 acts as a proxy for 500 when needed tomeet the acquirer and estate owner needs for communicating appropriatelywith devices 100. As many 310 may be used as is needed to satisfydifferent Acquirers and their respective mix and needs for the multiplevariety of types of 100 makes and models of devices communicating with300.

The subsystem 510 is a management and monitoring tool for subsystem 500.Subsystem 510 is intended to create game product catalogs, and maintain,activate and publish catalogs, which contain items, pricing andpromotions. The subsystem 510 has tools to manage the catalogs pre-gameoffer, game validation, game start and game closing, and the post-gameresults, entry and publication. In some cases it is also used to publishwinning numbers and winning tickets. Subsystem 510 also has tools tomonitor the events associated with the on-going businesses of multipleoperator systems 600.

Invention subsystem 500 provides the highest level of transactionservices between the originating multiple products offered by multipleoperators 600 and the very larger number of merchants 100, associatedwith many regional acquirers 300.

Subsystems 510 and 500 create a business document appropriate for eachjurisdiction and each sales entry channel, the business documentsindicating product/services with itemized sales pricing, and promotionscatalogs. System 500 upon request sends directly or indirectly thebusiness documents to 110 which is to include live valid games to beplayed in the jurisdiction. Subsystem 500 obtains from many operators600 the necessary information to define games and game validity.Subsystem 110 may configure locally all the product selections or mayrequest from subsystem 500 information for the build either beingrandomly generated selections or from prior selections as registered bythe customer. Subsystem 500 may receive from the merchant 100 a requestfor a product as a built quote document and provides a validity responseto the request for quote which includes a valid time to purchase entryticket for a defined cost. Subsystem 500 may alternatively receive fromthe merchant 100 a purchase order document and responds with a purchaseorder acknowledgement document stating valid, error, accepting orrejecting based upon business rules or exclusions as provided by thebusiness data. Subsystem 500 may also receive from the merchant 100 apurchase order change request and responds with a purchase order changesrequest acknowledgement. Subsystem 500 may also receive from themerchant 100 a payment notice and responds with ticket entry successfulor failed so that the merchant 100 can print the ticket or failurenotice. Subsystem 500 may also receive from the merchant 100 for thosecustomers who have existing operator accounts, certain customer IDinformation and may respond with customer's national currency (eg.dollar, euro) balance or loyalty reward points balance. Subsystem 500may also receive from the merchant 100 an application from a customer toenroll and register for an operator account based upon information readby 100 from their drivers license.

Example Usage and Transactions

Continuing with a particular implementation of the invention, wherein itis a system to enable sales and distribution of lottery tickets, gametickets, and other entry tickets by utilizing the processing networksand devices of the financial services industry, the following exampleprocesses are representative of the operation of the present invention.

-   -   1. A merchant wishes to sell lottery tickets. The merchant        requests the acquirer make available the acquirer's terminal        signed application. The terminal's existing or proprietary        application makes available the terminal application for        download. The terminal application enables entity        authentication.    -   2. The merchant as a user of the terminal selects lottery from        an IDLE screen display and is prompted to “sign-on”.        -   a. The user interface of the terminal prompts the user to            “Enter/Swipe/Insert lottery issued credentials+Press OK”;            the user complies.        -   b. The user interface of the terminal prompts the user to            “Enter User Password number+Press OK”; the user complies.        -   c. The terminal application performs a cryptographic            technique and the terminal provides requesting-sign-on with            credentials and security information.        -   d. The request-sign-on is received by the acquirer server,            is recognized and is flagged for packaging and forwarding            with certain merchant, store and terminal data.        -   e. The central server performs its security and routing            rules, and forwards security information to the operator            server.        -   f. When authenticated (pass/fail) by the operator server,            then operator server provides responding-sign-on and            security-protocols to the central server and the terminal.        -   g. The terminal receives security responses and necessary            cryptographic information for connectivity with the central            server and the operator.        -   h. OUTPUT, Print Sign-on receipt.        -   i. OUTPUT, Print Sign-on message.        -   j. OUTPUT, Display IDLE display with a prompt indicating a            lottery selection.        -   k. Subject to response to sign on, then terminal may request            a download of application code from 310 or 300 central            server, for all operator transaction sets, and terminal            receives and authenticates the data origination and data            integrity. Application includes a reformatted operator            catalog of game information which is reformatted specific to            the acquirer protocol/format and terminal resources.    -   3. Player/recipient expresses interest to user/merchant to buy a        lottery ticket.    -   4. The user, for example a merchant, can activate the terminal        application from the display prompt and Function keypad push.        -   a. The user is prompted by display to create Order.        -   b. The user reviews the displayed choices of the catalog.        -   c. The user makes selections which become line items in a            Requesting Order document+OK.        -   d. The terminal application performs cryptographic technique            and submits a request for Order.        -   e. Request for Order is recognized by the acquirer and            packaged with certain merchant, store and terminal. The            central server performs its security, routing rules, and            forwards security information and package to operator.        -   f. The operator server performs security process and creates            a response having specific business data/information.        -   g. The operator server responds to Order, returns the            business data to the central server.        -   h. The central server transforms the business data into            Order Response document for eventual transformation            transport to terminal.        -   i. The central server packages the Order Response            transformed specifically for the acquirer network and            terminal for printing.        -   j. Merchant is prompted to Print OK, and selects OK on the            terminal to print.        -   k. A printed message is transported to the central server            and to the operator server.        -   l. The terminal outputs a ticket.        -   m. (As E-ticket contains sensitive information as it relates            to player, their selections and ticket control number, which            may be returned both encrypted and may be a graphic image in            the form not machine vision readable.)    -   5. Sign-off        -   a. Send sign-off request and receive sign-off response.        -   b. OUTPUT, Print sign-off slip.        -   c. Set internal state to disable wagering and tickets            functions.

In particular examples, the following transaction sets may be providedfor a lottery ticket purchase:

-   -   1. Buy TICKET for lottery draw game, Quick Pick        -   a. Select DRAW Game Type        -   b. Select Boards        -   c. Select Number of draws        -   d. Select Spiel/Encore and if yes, the number of Encore        -   e. Send Wager-coupon Order document        -   f. Receive Order Response of Wager-Coupon info in form of            e-Ticket        -   g. OUTPUT; Print e-ticket        -   h. Acknowledge print operation    -   2. Buy TICKET for KENO game event        -   a. Select KENO        -   b. Select Play Category (usually 2-10, but maybe up to            15)(Selections per Board) (TBD if to allow Xnumbers per            board)        -   c. Select Number of Draws        -   d. Select Amount per Board ($1, 2, 5, 10)        -   e. Play Spiel game (Encore)        -   f. If yes to encore then select number of Encores        -   g. OUTPUT, Print ticket

Each of the operations performed by the merchant or user of the terminal100 may be recorded or tracked by the acquirer server or the operatorserver, depending upon which network the terminal 100 is linked to at agiven time, or may be recorded or tracked by the central server. Adatabase may be provided for collecting or gathering data regardingthese operations. The database may be accessible to the acquirer and/orthe operator, or the acquirer and operator may be provided with accessto subsets of data. This data may be used for data analysis, reporting,business intelligence or other business needs by the operator, acquireror third party.

Additionally, as previously mentioned, a customer or alternately amerchant may use the terminal to review and choose products, makepersonal selections and then pay and optionally print an operator ticketin real time. Thus the shared use of the terminal 100 enables bothpayment processing and sales of operator products. Each of these tasksmay be executed within their respective network but could also bebrokered by the third party operating the central server or anotherbroker. The broker may act as an intermediary to process payments asbetween the merchants and the operator.

Furthermore, different client/server configurations are possible wherebyaspects of the business data (through the business documents forexample) may be controlled at the acquirer server application levelwhereby the transaction sets in effect are dynamically served to theclients (terminals) by the acquirer server application.

Other applications include the use of the terminal and networks tocreate, store, read, update and delete customers' favorite lotteryselections, for example games, and numbers to be used to print on thetickets. A database could be provided for binding these selections andnumbers to a customer's lottery issued card, loyalty card with machinereadable information, for example bar code, magnetic stripe, orcontactless card, or loaded into a smart card. These numbers may beanonymously stored or bound to each customer's account or anidentification card. A merchant or the customer would provide the cardto be read, which initiates the terminal application to obtain theselections and numbers and print the favorites and numbers.

The central server may provide an analysis and/or reporting utility.While an acquirer or an operator may not want to share with the otherparty the data communicated over its network, the central server as atrusted intermediary and operable to access the data may generate andprovide analytics, reports, and other summaries of the data for use bythe other party. For example, while the operator may not want theacquirer to have knowledge of the particular transactions being madeover the operator network, the central server may provide the acquirerwith reports regarding the number, frequency or amount of thetransactions in a given day, month or year.

Additionally, the central server may provide connectivity to theoperator acting as a trusted intermediary who contractually is anauthenticated single master merchant for a large quantity ofsub-merchants.

Furthermore, the present invention could be used for providing eventticketing, for example for sports and entertainment or could be used forproviding public transit tickets.

1. A system for linking at least one acquirer network operating a closednetwork to at least one operator, the acquirer network including one ormore terminals and optionally an acquirer server, the systemcharacterized by a central server linked to the acquirer network and tothe operator, the central server configurable to communicate with atleast a subset of the one or more terminals, and also with the operator,and to establish one or more communication links between the operatorand the one or more terminals, wherein the central server acts as atrusted intermediary between the acquirer network and the operator forenabling the operator to communicate with the one or more terminals viathe closed acquirer network.
 2. The system as claimed in claim 1,characterized in that the operator is a closed network and includes anoperator server, and the central server enables communications betweenthe operator server and the one or more terminals via the closedacquirer network.
 3. The system as claimed in claim 2, characterized inthat the acquirer server provides data and/or device authentication forauthenticating the one or more terminals to the acquirer network,thereby enabling communication between the operator server and the oneor more terminals via the acquirer network requiring data and/or deviceauthentication.
 4. The system as claimed in claim 3, characterized inthat the central server further includes or is linked to a securityservices utility enabling entity authentication initiated at theauthenticated terminal for creating a communication link between theauthenticated terminal to the operator network.
 5. The system as claimedin claim 1, characterized in that a plurality of acquirer networks arelinked to the central server for enabling communications between theoperator and multiple acquirer networks, or a subset of terminalsassociated with one or more of the multiple acquirer networks.
 6. Thesystem as claimed in claim 1, characterized in that the central serveris operable to enable the one or more terminals to create, or facilitatethe creation of, one or more messages, the contents of which comply withthe security requirements of the associated acquirer network and therebycan be communicated over the associated acquirer network, but thecontent of which may only be extracted from the message by the operatorand/or the trusted intermediary on the operator's behalf.
 7. The systemas claimed in claim 1 characterized in that one or more of thecommunications between the operator and the one or more terminals enableone or more transaction between (a) the one or more terminals, or acustomer of a merchant associated with the one or more terminals, and(b) the operator, via the acquirer network.
 8. The system as claimed inclaim 1, characterized in that the central server includes means for theoperator to provide it with business data relating to the one or moretransactions of operator, or one or more offerings sold by operator inone or more related transactions, the central server being furtheroperable to transform the business data into one or more businessdocuments established by determining the one or more communicationsbetween the operator and the one or more terminals required forimplementation of the transaction to the system, the business documentsbeing operable to provide, or be used by developers to provide, to theone or more terminals one or more transaction sets that enable the oneor more terminals to initiate the one more communications forimplementation of the transaction.
 9. The system as claimed in claim 8,characterized in that the business data is in a first format, thebusiness documents are in a second format and the transaction sets arein a third format.
 10. The system as claimed in claim 9, characterizedin that the transforming of the business documents to transaction setsis initiated by the terminal, or a request processed by the terminal.11. A computer-network-implementable method for linking at least oneacquirer network operating a closed network to at least one operator,the acquirer network including one or more terminals and optionally anacquirer server, the method characterized by: a. linking a centralserver to the acquirer network and to the operator; and b. configuring,or facilitating the configuring, by one or more computer processors, thecentral server to communicate with at least a subset of the one or moreterminals, and also with the operator, and to establish one or morecommunication links between the operator and the one or more terminals,so as to enable the central server to act as a trusted intermediarybetween the acquirer network and the operator for enabling the operatorto communicate with the one or more terminals via the closed acquirernetwork.
 12. The method as claimed in claim 11, characterized in thatthe operator is a closed network and includes an operator server, andthe central server enables communications between the operator serverand the one or more terminals via the closed acquirer network.
 13. Themethod as claimed in claim 12, characterized in that the methodcomprises the further step of the acquirer server authenticating the oneor more terminals to the acquirer network by data and/or deviceauthentication, thereby enabling communication between the operatorserver and the one or more terminals via the acquirer network requiringdata and/or device authentication.
 14. The method as claimed in claim13, characterized in that the central server further includes or islinked to a security services utility enabling entity authenticationinitiated at the authenticated terminal for creating a communicationlink between the authenticated terminal to the operator network.
 15. Themethod as claimed in claim 11, characterized in that a plurality ofacquirer networks are linked to the central server for enablingcommunications between the operator and multiple acquirer networks, or asubset of terminals associated with one or more of the multiple acquirernetworks.
 16. The method as claimed in claim 11, characterized in thatthe central server is operable to enable the one or more terminals tocreate, or facilitate the creation of, one or more messages, thecontents of which comply with the security requirements of theassociated acquirer network and thereby can be communicated over theassociated acquirer network, but the content of which may only beextracted from the message by the operator and/or the trustedintermediary on the operator's behalf.
 17. The method as claimed inclaim 11, characterized in that one or more of the communicationsbetween the operator and the one or more terminals enable one or moretransaction between (a) the one or more terminals, or a customer of amerchant associated with the one or more terminals, and (b) theoperator, via the acquirer network.
 18. The method as claimed in claim11, characterized in that the central server includes means for theoperator to provide it with business data relating to the one or moretransactions of operator, or one or more offerings sold by operator inone or more related transactions, the central server being furtheroperable to transform the business data into one or more businessdocuments established by determining the one or more communicationsbetween the operator and the one or more terminals required forimplementation of the transaction to the system, the business documentsbeing operable to provide, or be used by developers to provide, to theone or more terminals one or more transaction sets that enable the oneor more terminals to initiate the one more communications forimplementation of the transaction.
 19. The method as claimed in claim18, characterized in that the business data is in a first format, thebusiness documents are in a second format and the transaction sets arein a third format.
 20. The method as claimed in claim 19, characterizedin that the transforming of the business documents to transaction setsis initiated by the terminal, or a request processed by the terminal.